Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kxstitch-2.2.0/src/AlphaSelect.cpp
Examining data/kxstitch-2.2.0/src/AlphaSelect.h
Examining data/kxstitch-2.2.0/src/BackgroundImage.cpp
Examining data/kxstitch-2.2.0/src/BackgroundImage.h
Examining data/kxstitch-2.2.0/src/BackgroundImages.cpp
Examining data/kxstitch-2.2.0/src/BackgroundImages.h
Examining data/kxstitch-2.2.0/src/Boundary.cpp
Examining data/kxstitch-2.2.0/src/Boundary.h
Examining data/kxstitch-2.2.0/src/CalibrateFlossDlg.cpp
Examining data/kxstitch-2.2.0/src/CalibrateFlossDlg.h
Examining data/kxstitch-2.2.0/src/Commands.cpp
Examining data/kxstitch-2.2.0/src/Commands.h
Examining data/kxstitch-2.2.0/src/ConfigurationDialogs.cpp
Examining data/kxstitch-2.2.0/src/ConfigurationDialogs.h
Examining data/kxstitch-2.2.0/src/Document.cpp
Examining data/kxstitch-2.2.0/src/Document.h
Examining data/kxstitch-2.2.0/src/DocumentFloss.cpp
Examining data/kxstitch-2.2.0/src/DocumentFloss.h
Examining data/kxstitch-2.2.0/src/DocumentPalette.cpp
Examining data/kxstitch-2.2.0/src/DocumentPalette.h
Examining data/kxstitch-2.2.0/src/Editor.cpp
Examining data/kxstitch-2.2.0/src/Editor.h
Examining data/kxstitch-2.2.0/src/Element.cpp
Examining data/kxstitch-2.2.0/src/Element.h
Examining data/kxstitch-2.2.0/src/Exceptions.cpp
Examining data/kxstitch-2.2.0/src/Exceptions.h
Examining data/kxstitch-2.2.0/src/ExtendPatternDlg.cpp
Examining data/kxstitch-2.2.0/src/ExtendPatternDlg.h
Examining data/kxstitch-2.2.0/src/FilePropertiesDlg.cpp
Examining data/kxstitch-2.2.0/src/FilePropertiesDlg.h
Examining data/kxstitch-2.2.0/src/Floss.cpp
Examining data/kxstitch-2.2.0/src/Floss.h
Examining data/kxstitch-2.2.0/src/FlossScheme.cpp
Examining data/kxstitch-2.2.0/src/FlossScheme.h
Examining data/kxstitch-2.2.0/src/ImageElementDlg.cpp
Examining data/kxstitch-2.2.0/src/ImageElementDlg.h
Examining data/kxstitch-2.2.0/src/ImportImageDlg.cpp
Examining data/kxstitch-2.2.0/src/ImportImageDlg.h
Examining data/kxstitch-2.2.0/src/KeyElementDlg.cpp
Examining data/kxstitch-2.2.0/src/KeyElementDlg.h
Examining data/kxstitch-2.2.0/src/KeycodeLineEdit.cpp
Examining data/kxstitch-2.2.0/src/KeycodeLineEdit.h
Examining data/kxstitch-2.2.0/src/Layer.cpp
Examining data/kxstitch-2.2.0/src/Layer.h
Examining data/kxstitch-2.2.0/src/Layers.cpp
Examining data/kxstitch-2.2.0/src/Layers.h
Examining data/kxstitch-2.2.0/src/LibraryFile.cpp
Examining data/kxstitch-2.2.0/src/LibraryFile.h
Examining data/kxstitch-2.2.0/src/LibraryFilePathsDlg.cpp
Examining data/kxstitch-2.2.0/src/LibraryFilePathsDlg.h
Examining data/kxstitch-2.2.0/src/LibraryListWidget.cpp
Examining data/kxstitch-2.2.0/src/LibraryListWidget.h
Examining data/kxstitch-2.2.0/src/LibraryListWidgetItem.cpp
Examining data/kxstitch-2.2.0/src/LibraryListWidgetItem.h
Examining data/kxstitch-2.2.0/src/LibraryManagerDlg.cpp
Examining data/kxstitch-2.2.0/src/LibraryManagerDlg.h
Examining data/kxstitch-2.2.0/src/LibraryPattern.cpp
Examining data/kxstitch-2.2.0/src/LibraryPattern.h
Examining data/kxstitch-2.2.0/src/LibraryPatternPropertiesDlg.cpp
Examining data/kxstitch-2.2.0/src/LibraryPatternPropertiesDlg.h
Examining data/kxstitch-2.2.0/src/LibraryTreeWidget.cpp
Examining data/kxstitch-2.2.0/src/LibraryTreeWidget.h
Examining data/kxstitch-2.2.0/src/LibraryTreeWidgetItem.cpp
Examining data/kxstitch-2.2.0/src/LibraryTreeWidgetItem.h
Examining data/kxstitch-2.2.0/src/Main.cpp
Examining data/kxstitch-2.2.0/src/MainWindow.cpp
Examining data/kxstitch-2.2.0/src/MainWindow.h
Examining data/kxstitch-2.2.0/src/NewFlossDlg.cpp
Examining data/kxstitch-2.2.0/src/NewFlossDlg.h
Examining data/kxstitch-2.2.0/src/Page.cpp
Examining data/kxstitch-2.2.0/src/Page.h
Examining data/kxstitch-2.2.0/src/PageLayoutEditor.cpp
Examining data/kxstitch-2.2.0/src/PageLayoutEditor.h
Examining data/kxstitch-2.2.0/src/PagePreviewListWidgetItem.cpp
Examining data/kxstitch-2.2.0/src/PagePreviewListWidgetItem.h
Examining data/kxstitch-2.2.0/src/PagePropertiesDlg.cpp
Examining data/kxstitch-2.2.0/src/PagePropertiesDlg.h
Examining data/kxstitch-2.2.0/src/Palette.cpp
Examining data/kxstitch-2.2.0/src/Palette.h
Examining data/kxstitch-2.2.0/src/PaletteManagerDlg.cpp
Examining data/kxstitch-2.2.0/src/PaletteManagerDlg.h
Examining data/kxstitch-2.2.0/src/PaperSizes.cpp
Examining data/kxstitch-2.2.0/src/PaperSizes.h
Examining data/kxstitch-2.2.0/src/Pattern.cpp
Examining data/kxstitch-2.2.0/src/Pattern.h
Examining data/kxstitch-2.2.0/src/PatternElementDlg.cpp
Examining data/kxstitch-2.2.0/src/PatternElementDlg.h
Examining data/kxstitch-2.2.0/src/Preview.cpp
Examining data/kxstitch-2.2.0/src/Preview.h
Examining data/kxstitch-2.2.0/src/PrintSetupDlg.cpp
Examining data/kxstitch-2.2.0/src/PrintSetupDlg.h
Examining data/kxstitch-2.2.0/src/PrinterConfiguration.cpp
Examining data/kxstitch-2.2.0/src/PrinterConfiguration.h
Examining data/kxstitch-2.2.0/src/QVariantPtr.h
Examining data/kxstitch-2.2.0/src/Renderer.cpp
Examining data/kxstitch-2.2.0/src/Renderer.h
Examining data/kxstitch-2.2.0/src/Scale.cpp
Examining data/kxstitch-2.2.0/src/Scale.h
Examining data/kxstitch-2.2.0/src/ScaledPixmapLabel.cpp
Examining data/kxstitch-2.2.0/src/ScaledPixmapLabel.h
Examining data/kxstitch-2.2.0/src/SchemeManager.cpp
Examining data/kxstitch-2.2.0/src/SchemeManager.h
Examining data/kxstitch-2.2.0/src/SchemeParser.cpp
Examining data/kxstitch-2.2.0/src/SchemeParser.h
Examining data/kxstitch-2.2.0/src/SelectArea.cpp
Examining data/kxstitch-2.2.0/src/SelectArea.h
Examining data/kxstitch-2.2.0/src/Stitch.cpp
Examining data/kxstitch-2.2.0/src/Stitch.h
Examining data/kxstitch-2.2.0/src/StitchData.cpp
Examining data/kxstitch-2.2.0/src/StitchData.h
Examining data/kxstitch-2.2.0/src/Symbol.cpp
Examining data/kxstitch-2.2.0/src/Symbol.h
Examining data/kxstitch-2.2.0/src/SymbolLibrary.cpp
Examining data/kxstitch-2.2.0/src/SymbolLibrary.h
Examining data/kxstitch-2.2.0/src/SymbolListWidget.cpp
Examining data/kxstitch-2.2.0/src/SymbolListWidget.h
Examining data/kxstitch-2.2.0/src/SymbolManager.cpp
Examining data/kxstitch-2.2.0/src/SymbolManager.h
Examining data/kxstitch-2.2.0/src/SymbolSelectorDlg.cpp
Examining data/kxstitch-2.2.0/src/SymbolSelectorDlg.h
Examining data/kxstitch-2.2.0/src/TextElementDlg.cpp
Examining data/kxstitch-2.2.0/src/TextElementDlg.h
Examining data/kxstitch-2.2.0/src/TextToolDlg.cpp
Examining data/kxstitch-2.2.0/src/TextToolDlg.h
Examining data/kxstitch-2.2.0/src/XKeyLock.cpp
Examining data/kxstitch-2.2.0/src/XKeyLock.h

FINAL RESULTS:

data/kxstitch-2.2.0/src/ConfigurationDialogs.cpp:38:37: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    QString localeUnits = (QLocale::system().measurementSystem() == QLocale::MetricSystem) ? i18n("Default (Centimeters)") : i18n("Default (Inches)");

data/kxstitch-2.2.0/src/ConfigurationDialogs.cpp:51:44: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    clothCountTypeSelected = (QLocale::system().measurementSystem() == QLocale::MetricSystem) ? Configuration::EnumEditor_ClothCountUnits::Centimeters : Configuration::EnumEditor_ClothCountUnits::Inches;

data/kxstitch-2.2.0/src/ConfigurationDialogs.cpp:230:51: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    m_currentClothCountUnitsIndex = (QLocale::system().measurementSystem() == QLocale::MetricSystem) ? Configuration::EnumEditor_ClothCountUnits::Centimeters : Configuration::EnumEditor_ClothCountUnits::Inches;

data/kxstitch-2.2.0/src/Document.cpp:73:37: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    clothCountUnits = (QLocale::system().measurementSystem() == QLocale::MetricSystem)?Configuration::EnumEditor_ClothCountUnits::Centimeters:Configuration::EnumEditor_ClothCountUnits::Inches;

data/kxstitch-2.2.0/src/ImportImageDlg.cpp:527:37: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    clothCountUnits = (QLocale::system().measurementSystem() == QLocale::MetricSystem) ? Configuration::EnumEditor_ClothCountUnits::Centimeters : Configuration::EnumEditor_ClothCountUnits::Inches;

data/kxstitch-2.2.0/src/Document.cpp:211:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char header[30];

data/kxstitch-2.2.0/src/Document.cpp:309:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char header[23];

data/kxstitch-2.2.0/src/Document.cpp:482:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[51];

data/kxstitch-2.2.0/src/Document.cpp:506:26: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char RGBA[4];

data/kxstitch-2.2.0/src/Document.cpp:507:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char colorName[30];

data/kxstitch-2.2.0/src/Document.cpp:508:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char colorDescription[50];

data/kxstitch-2.2.0/src/Document.cpp:758:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[125];

data/kxstitch-2.2.0/src/Document.cpp:783:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char colorDescription_1[30];

data/kxstitch-2.2.0/src/Document.cpp:784:26: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char RGBA[4];

data/kxstitch-2.2.0/src/Document.cpp:785:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char colorName_1[10];

data/kxstitch-2.2.0/src/Document.cpp:786:26: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char unknown_1[59];

data/kxstitch-2.2.0/src/Document.cpp:790:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char colorDescription_2[30];

data/kxstitch-2.2.0/src/Document.cpp:791:26: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char unknown_3[5];

data/kxstitch-2.2.0/src/Document.cpp:792:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char colorName_2[25]; // seems to be Black all the time

data/kxstitch-2.2.0/src/Document.cpp:1081:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char scheme[33];

data/kxstitch-2.2.0/src/Document.cpp:1082:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char colorName_1[10];

data/kxstitch-2.2.0/src/Document.cpp:1083:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char colorDescription_1[30];

data/kxstitch-2.2.0/src/Document.cpp:1087:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char font[30];

data/kxstitch-2.2.0/src/Document.cpp:1089:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char colorDescription_2[30];

data/kxstitch-2.2.0/src/Document.cpp:1091:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char colorName_2[10];

data/kxstitch-2.2.0/src/FlossScheme.cpp:31:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char c[3];

data/kxstitch-2.2.0/src/LibraryFile.cpp:105:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (file.open(QIODevice::ReadOnly)) {

data/kxstitch-2.2.0/src/LibraryFile.cpp:107:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char header[11];

data/kxstitch-2.2.0/src/LibraryFile.cpp:203:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (file.open(QIODevice::WriteOnly)) { // truncates the file

data/kxstitch-2.2.0/src/MainWindow.cpp:298:25: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (tmpFile.open()) {

data/kxstitch-2.2.0/src/MainWindow.cpp:310:32: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (reader.open(QIODevice::ReadOnly)) {

data/kxstitch-2.2.0/src/MainWindow.cpp:370:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (file.open(QIODevice::WriteOnly)) {

data/kxstitch-2.2.0/src/MainWindow.cpp:522:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (tmpFile.open()) {

data/kxstitch-2.2.0/src/MainWindow.cpp:1122:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    KStandardAction::open(this, static_cast<void (MainWindow::*)()>(&MainWindow::fileOpen), actions);

data/kxstitch-2.2.0/src/SchemeManager.cpp:197:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (schemeFile.open(QIODevice::WriteOnly)) {

data/kxstitch-2.2.0/src/SymbolLibrary.cpp:305:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char magic[15];

data/kxstitch-2.2.0/src/SymbolManager.cpp:155:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (file.open(QIODevice::ReadOnly)) {

ANALYSIS SUMMARY:

Hits = 37
Lines analyzed = 30397 in approximately 1.45 seconds (20986 lines/second)
Physical Source Lines of Code (SLOC) = 20147
Hits@level = [0] 0 [1] 0 [2] 32 [3] 0 [4] 5 [5] 0
Hits@level+ = [0+] 37 [1+] 37 [2+] 37 [3+] 5 [4+] 5 [5+] 0
Hits/KSLOC@level+ = [0+] 1.8365 [1+] 1.8365 [2+] 1.8365 [3+] 0.248176 [4+] 0.248176 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.